AWS Fundamentals Logo
AWS Fundamentals
L1 ConstructAWS::WAFRegional::RateBasedRule

CfnRateBasedRule

> This is *AWS WAF Classic* documentation. For more information, see [AWS WAF Classic](https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) in the developer guide. > > *For the latest version of AWS WAF* , use the AWS WAF V2 API and see the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) . With the latest version, AWS WAF has a single set of endpoints for regional and global use. A `RateBasedRule` is identical to a regular `Rule` , with one addition: a `RateBasedRule` counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create a `RateBasedRule` that includes the following conditions: - The requests come from 192.0.2.44. - They contain the value `BadBot` in the `User-Agent` header. In the rule, you also define the rate limit as 15,000. Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL. Note you can only create rate-based rules using an CloudFormation template. To add the rate-based rules created through CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see [UpdateWebACL](https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_UpdateWebACL.html) .

Import

import { CfnRateBasedRule } from 'aws-cdk-lib/aws-wafregional';

Or use the module namespace:

import * as wafregional from 'aws-cdk-lib/aws-wafregional';
// wafregional.CfnRateBasedRule

Properties

Configuration passed to the constructor as CfnRateBasedRuleProps.

metricNameRequired
string

A name for the metrics for a `RateBasedRule` . The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF , including "All" and "Default_Action." You can't change the name of the metric after you create the `RateBasedRule` .

nameRequired
string

A friendly name or description for a `RateBasedRule` . You can't change the name of a `RateBasedRule` after you create it.

rateKeyRequired
string

The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring. The only valid value for `RateKey` is `IP` . `IP` indicates that requests arriving from the same IP address are subject to the `RateLimit` that is specified in the `RateBasedRule` .

rateLimitRequired
number

The maximum number of requests, which have an identical value in the field specified by the `RateKey` , allowed in a five-minute period. If the number of requests exceeds the `RateLimit` and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

matchPredicatesOptional
IResolvable | IResolvable | PredicateProperty[]

The `Predicates` object contains one `Predicate` element for each `ByteMatchSet` , `IPSet` , or `SqlInjectionMatchSet>` object that you want to include in a `RateBasedRule` .

CloudFormation Resource

This L1 construct maps directly to the following CloudFormation resource type.

AWS::WAFRegional::RateBasedRuleView in CloudFormation Explorer

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

LevelL1 (CloudFormation)
Moduleaws-wafregional
CFN TypeAWS::WAFRegional::RateBasedRule
Properties5

Related Constructs

Explore This Service

External Links